Putnam, chair of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, held hearings last week on the results of the first year under FISMA.

Although the Office of Management and Budget reported that progress has been made in IT security, most of the 24 executive branch agencies covered by the law fell far short of goals set by OMB. The subcommittee in December gave the government an overall grade of D in IT security based on FISMA reports for 2003.

Karen Evans, OMB administrator for electronic government and IT, said the same security weaknesses are found year after year, legacy systems continue to operate with serious weaknesses and agencies still are not adequately prioritizing IT spending. She said OMB has halted fiscal 2004 spending on some IT programs until agencies fix security problems in existing systems.

'Dollars are not moving out until we have the plans,' she said, but she could not say how much money was involved or what projects have been delayed.

A lack of individual accountability for compliance was cited several times as a cause of slow progress in security reform. Putnam said he is working with Rep. Tom Davis (R-Va.) to amend the Clinger-Cohen Act 'to explicitly identify information security as a required element of the IT investment management oversight and decision making process.'